July 25, 2016 By Patrick Wardrop 2 min read

Cloud is here to stay. Whether they realize it or not, businesses large and small have adopted cloud applications, and most companies have a growing concern about their cloud security posture.

Shadow IT: A Dark Cloud

Some cloud applications have a very simple enrollment process, which makes it easy for employees to sign up for the service without involving the IT department.

Shadow IT is what occurs when employees adopt cloud applications without approval or involvement from their IT department. It can be difficult to know what cloud applications have risk or threat exposures. If companies don’t provide a way for employees to understand what applications are allowed, shadow IT will continue.

Shadow IT can be discovered by using a cloud access security broker (CASB). CASBs are the future of cloud security. Unfortunately, most companies haven’t made the shift and are using static, outdated data to determine their risk exposure. They aren’t helping to coach employees to use low-risk, sanctioned cloud applications.

Training Goes a Long Way

Most shadow IT happens because employees are trying to do their jobs more efficiently and don’t know the risks of their actions. Coaching and training employees on the risks and pointing them to approved cloud applications will go a long way toward reducing risk and controlling shadow IT.

It is risky for companies to use outdated static data to determine the current or potential exposure for employees’ usage of unsanctioned or even sanctioned cloud applications. When enterprises hand over their corporate data to third parties, they should be sure that the cloud application provider is contractually obligated, prepared and equipped to handle that information.

Cloud Security Measures

To adopt cloud applications safely and prevent shadow IT, companies need to look for a CASB that not only discovers cloud applications, but also makes it easy for companies to connect with and teach employees about what is already approved. Additionally, the CASB should provide dynamic threat and risk data about the cloud applications being used.

More from Cloud Security

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

AI-driven compliance: The key to cloud security

3 min read - The growth of cloud computing continues unabated, but it has also created security challenges. The acceleration of cloud adoption has created greater complexity, with limited cloud technical expertise available in the market, an explosion in connected and Internet of Things (IoT) devices and a growing need for multi-cloud environments. When organizations migrate to the cloud, there is a likelihood of data security problems given that many applications are not secure by design. When these applications migrate to cloud-native systems, mistakes in configuration…

New cybersecurity sheets from CISA and NSA: An overview

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have recently released new CSI (Cybersecurity Information) sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments.This new release includes a total of five CSI sheets, covering various aspects of cloud security such as threat mitigation, identity and access management, network security and more. Here's our overview of the new CSI sheets, what they address and the key takeaways from each.Implementing…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today